2
Do you really know what is expected of you by the SRA?
This is what Samantha Barrass, Executive Director of the SRA, said in December 2011: “What has changed is the explicit requirement for firms actively to engage with Principles and Outcomes, and avoid a tick-box approach. That is the role of the COLP in particular – to be responsible for taking reasonable steps to put in place systems and controls for good compliance in the firm.”

3
Do you have systems and controls for good compliance?
- Outcome O(7.2) requires firms to have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
- Outcome O(7.3) requires firms to identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified
- Outcome O(7.4) requires firms to maintain systems and controls for monitoring their financial stability … and take steps to address issues identified

4
What steps will your COLP and COFA need to take to ensure you have systems and controls in place for good compliance? Have they considered whether they will be able to satisfactorily fulfil the roles? And if so, how will they from the outset be able to ensure they can meet their responsibilities?

5
First steps?
1. Secure internal accountability as a condition of taking on the roles
2. Assess whether they will be provided with sufficient:
- access to information regarding risk; and
- resources to effectively discharge their responsibilities

6
1. Securing internal accountability
“We have no room for those who put their own personal agenda ahead of the interests of the clients or the office”
David Maister’s “Predictive package”
Who has one (or more) of these in their firm?

10
- All partners to comply with all Principles, Outcomes and Rules and other requirements of the Handbook and to fully support the COLP / COFA – with sanctions if they do not.
- Full access to be given to COLP and COFA to all the firm’s information
- Indemnities to be provided in relation to the COLP’s / COFA’s responsibilities in respect of penalties, costs and expenses
- A right to take independent advice at firm’s expense for the resolution of disputes
- Firm to pay premiums on appropriate insurance policies for COLP and COFA
- Incorporate a ‘whistle-blowing’ policy

11
2. Ensure they will be provided with sufficient …… access to information regarding risk; and the resources to do the job

12
Access to information / knowledge?
- Will they be provided with access to full information likely to impact on compliance and other risks?
- What are your risks?
- Where does the knowledge of your risks reside?
- Can you / will you be able to access it?
- Do you / will you have systems to monitor, review and upgrade your knowledge?
If you cannot measure risk, you will not be able to manage it

17
Establish the resources you will need to effectively carry out your role
For example:
- Do you have a budget?
- What will your team look like?
- Internal or external resource?
- Part time partners or professionals?
- Paper records or use of IT?

18
Use of IT as a risk management tool?
Use an integrated risk management system to quantify, assess and control risk by:
– streamlining diagnosis, mitigation and monitoring
– embedding common risk management procedures
– providing information access to all who need it
– creating and maintaining one central, up to date risk database

19
Advantages of a systemised compliance risk management process?
- Structured approach focuses on key compliance risk areas
- Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes
- Continuous monitoring ensures management of compliance and risk is “lived” day to day
- Universal application to all compliance and risk areas
- Comfort / assurance to PI insurers [and SRA?]

20
Planning your resources
Carry out a cost / benefit analysis to establish the most resource effective method for you to manage the roles of COLP / COFA to ensure your firm is compliant

21
Other areas on which to focus
- Compliance management will need to be management driven with top level buy-in - management must not only drive compliance but also live it
- Zero tolerance is required, with no exceptions – just do it!
- A mind-set change will be required – managing compliance risk needs to be seen as everyone’s job - training and education programmes can build awareness and change
- Build a ‘no blame’ culture to encourage disclosure
- Above all – identify your ‘big gorillas’ and deal with them

22
Your challenge
“If you cannot demonstrate compliance we may take regulatory action”
Outcomes focused regulation at a glance – www.sra.org.uk
How are you going to be able to demonstrate you are compliant?